UK govt urged to mandate ethics boards for big data

A former employee of the UK's communications listening station GCHQ has urged the government to extend data protection rules to protect citizens involved in large-scale data collection activities.

Giving evidence to a parliamentary inquiry into the technology, Dr David Macnish, who is now a professor at Leeds University, said companies looking to deal with large amounts of sensitive customer information should be compelled to set up ethics boards that can oversee these activities and ensure the information is being used correctly, Techworld reports.

He stated there are a number of ethical challenges related to the collection, storage and use of big data that will have to be addressed if businesses are to make the most of the technology and ensure their customers are happy with their how their information is used. These include issues such as informed consent, security of the data, and what secondary uses data may be involved in.

Taking existing data that has been collected for a specific purpose, then reapplying it for other uses can cause issues if individuals have not given their consent for the new scenario. 

Therefore, Dr Macnish recommended the "data protection act be extended to include not just the collection of data on citizens, but also the processing of that data such that citizens can at any time request and be told clearly the ends to which their data is being put."

Under his proposals, consent would be required by law for the use of data by entrepreneurs, corporations or the government. Training and security certifications should at least be made available for those with access to large data sets, and ideally be mandated for all employees working with data analytics.

Ethics review boards should watch over all big data projects and be part of corporations, rather than the government, with oversight by the Information Commissioner's Office, Mr Macnish continued.

"The government should place a ban on using data without explicit, informed, voluntary prior consent," Dr Macnish stated. "Failing an outright ban, the government should take a lead on this approach through its dealings with the public through the NHS, DWP, etc."

He acknowledged that such an approach would not be without its drawbacks. If implemented, UK businesses may not be able to use existing databases as easily as would otherwise be the case. This would lead to some losses as other nations may be able to edge ahead of the UK by using research data where consent is not required.

However, he claimed these commercial losses will be worth it in the long term if it helps create a strong data regulation environment and builds public trust in such systems.

Dr Macnish highlighted public reaction to high-profile data breaches such as the Ashley Madison hack, as well as the Edward Snowden revelation on activities carried out by GCHQ and the NSA, to illustrate the public's growing wariness of large-scale data collection, which he said is something that must be addressed if big data is to be accepted by consumers.